Aurus Blog

This blog is to share our expertise in Cisco UCM, UCCX/UCCE and Cisco Meeting Server

  • Archive

    «   October 2022   »
    M T W T F S S
              1 2
    3 4 5 6 7 8 9
    10 11 12 13 14 15 16
    17 18 19 20 21 22 23
    24 25 26 27 28 29 30

Cisco CMS Ad-Hoc Conferencing with CUCM

Ad Hoc is a widely used conferencing type that can implement trilateral or multilateral conferences. CMS can be used as a conferencing bridge resource.

We’re going to use CUCM 11.5SU1 and CMS 2.3.3 for experimental purposes. Please use a proper configuration according to your own environment.


CUCM versions prior to 11.5 SU3 use TLS 1.0, and CMS 2.3 and later versions use TLS1.2. If a CUCM version earlier that 11.5 SU3 is integrated with CMS 2.3+, you should modify the CMS TLS version information. Use the following command for CMS:

tls webadmin min-tls-version 1.0
tls sip min-tls-version 1.0

The configuration process includes the following steps:

  • Certificate-related configuration;
  • CMS-related configuration;
  • CUCM-related configuration;
  • Testing.

Certificate-related configuration

CUCM and CMS should trust each other to implement Ad Hoc conferencing, so you’ll need a certificate application (CA or OpenSSL).

(1) Certificates for CUCM Side

A. Download the root certificate from CA or OpenSSL, as shown below (CA is used for this example):

B. Upload the root certificate to callmanger-trust.

Log in to CUCM > Cisco Unified OS Administration > Security > Certificate management, click Upload Certificate / Chain Certificate, fill in the parameter fields and click upload.

  • Certificate Purpose: CallManager-trust
  • Description (friendly name): CUCM trust ROOTCA from CA
  • Upload file: rootca.cer (select your file)

C. CUCM uploads the certificate and applies it to Call Manager.

1. Create a request:

Generate a Certificate Signing Request
  Certificate Purpose: CallManager
    Distribution field: default
    Common Name field: default
  Subject Alternate Names (SANs)
    Parent domain: (domain name)
  Key Type: RSA
    Length field: default (2048)
    Hash Algorithm field: default (SHA256)

2. Upload the generated CSR.

3. Generate a certificate.

Log in to CA > Certificate Request > extended certificate request, click Submit.

4. Upload the certificate to CUCM.

Log in to CUCM > Cisco Unified OS Administration > Security > Certificate Management, click Upload Certificate / Chain Certificate, fill in the parameter fields and click Upload.

(2) CMS Certificate

A. Create a CSR and upload cama.csr:

pki csr cmsa (domain name),,,,, (all domain
names and addresses in the CMS cluster)
pki list
User supplied certificates and keys:

B. Generate Certificate

Log in to CA > Certificate Request > extended certificate request, click Submit.

C. Upload root certificate and CMS certificate

pki list
User supplied certificates and keys:

CMS-related Configuration

A. Configure a Call Bridge

cmsa > callbridge
Listening interfaces : a
Preferred interface : none
Key file : cmsa.key
Certificate file : cmsa.cer
Address : none
CA Bundle file : rootca.cer

B. Configure Webadmin

cmsa > webadmin
Enabled : true
TLS listening interface : a
TLS listening port : 8443
Key file : cmsa.key
Certificate file : cmsa.cer
CA Bundle file : rootca.cer
HTTP redirect : Disabled
STATUS : webadmin running

C. Configure Incoming Call Handling

CUCM-related Configuration

A. Upload the CMS webadmin certificate to callmanager-trust
B. Create a trunk
C. SIP profile

  • Use Fully Qualified Domain Name in SIP Requests
  • Conference Join Enabled
  • Deliver Conference Bridge Identifier
  • Enable OPTIONS Ping to monitor destination status for Trunks with Service Type "None (Default)" – optional
  • Allow Presentation Sharing using BFCP
  • Allow iX Application Media
  • Allow multiple codecs in answer SDP – optional

D. Add a conference bridge
  • HTTP port is a port number for CMS webadmin access. (Note: for CUCM 11.5.1 SU3 or newer, you can choose “Cisco Meeting Server” conference bridge type; for older versions you can only use “Cisco Telepresence Conductor”.)

Cisco Official link for certificate:

Cisco’s Conferencing Options Explained

With a wide range of conferencing products offered by Cisco it may be hard to figure out what are the options and what each of them is designed for. This post is going to help you to get a sense of what is happening in the Cisco’s conferencing world.

Audio Conferencing

Cisco UCM has several conferencing features on-board:

  • Ad-Hoc - to escalate the current phone call to audio-conference,
  • Meet-Me – for permanent conferences,
  • ConferenceNow (introduced in CUCM 11) – for personal conference rooms.

All of them are audio only and use either the software conference bridge (CUCM service) or hardware conferencing resources (most often – DSP modules in Cisco ISRs). Hardware DSP modules are required to enable the transcoding feature as the software bridge only supports G711.

Since CUCM is not a conferencing platform, these three options only provide basic conferencing features, but may be enhanced with 3rd party add-ons to CUCM. For example, Aurus PhoneUP operates on top of the CUCM conferencing engine providing extra functionality like:

  • meeting scheduler,
  • PIN and Caller ID security,
  • conference control tools.

But still only audio conferencing is available. If you meetings require web collaboration and/or video you have to deploy additional Cisco products.

Web-conferencing and Collaboration

Cisco’s web-conferencing portfolio is based on the Cisco WebEx platform that provides audio/video conferencing as well as web-collaboration tools – white board, presentations, application sharing, chat and so on.

You can join the WebEx meeting over IP (PC or mobile devices) as well as by dialing the call-in number from any phone.

The WebEx platform is available in cloud (Cisco WebEx Meeting Center) or on-premises (Cisco WebEx Meeting Server).

Similar to Cisco UCM conferencing options, WebEx meetings can be:

  • started instantly,
  • scheduled,
  • always available (Cisco Collaboration Meeting Rooms).

HD-Video Conferencing

Finally, for the best user experience Cisco offers Cisco TelePresence architecture, which provides high-quality HD video conferencing.

The core components of Cisco TelePresence offer are:

  • video-endpoints - desktop, room and immersive,
  • video-conferencing bridges - Cisco TelePresence Serverand obsolete Cisco TelePresence MCU,
  • Cisco Telepresence Conductor - orchestrates the allocation of conferencing resources,
  • Cisco TelePresence Management Suite (TMS) – manages the Cisco TelePresence infrastructure providing engineers with provisioning, meeting control, resource management and meeting scheduling features.

There are also several optional components available from both Cisco and its technology partners like:

  • Cisco TelePresence Recording Server – to record conferences,
  • Cisco Expressway – to allow users outside the firewall to join the meetings,
  • Aurus U-Meet – to improve the meeting scheduling and conference control.

CUCM On-Board Conferencing Options Overview and Restrictions

Cisco Unified Communications Manager has several native conferencing options. All of them are quite simple, “getting started” implementations. If you need more, you have to switch to one of full-featured conferencing platform described, for example, here, on Cisco’s website.

But in this post we’re going to review only on-board options shipped with CUCM.

Ad-Hoc Conference

Ad-hoc (also referred to as “instant”) conference is an impromptu conference that is not scheduled before. A point-to-point call may be escalated to an ad-hoc conference using Cisco IP phone, Cisco Jabber, or some 3rd party CTI application like attendant console.

The originator of the conference may add / remove participants, no other conference control features are available.

Meet-Me Conference

Meet-Me (also referred to as “permanent”) conferencing suggests that a range of directory numbers are allocated for exclusive use of the conference. The meet-me conference begins when the host connects. After that anyone who calls the conference number joins the conference.


  • the host must use a Cisco endpoint to start the conference,
  • no scheduling tool is available,
  • no authentication is available ,
  • no conference control options.

Conference Now Feature

The Conference Now feature is available on CUCM 11 and higher and is going to replace the Meet-Me option. It allows user to create their personal meeting rooms (with DN associated) protected with PIN. Anyone who calls the host’s meeting number is asked for the PIN to join the conference. The conference starts when the host joins the meeting, till that everyone receive MOH (Music On Hold) provided by basic IVR implemented in CUCM 11.


  • no scheduling tool,
  • the PIN is managed by host and is not generated automatically,
  • no participants list is available for the host,
  • no conference control options.

Conference Bridges

All CUCM conferencing options use the conference bridge configured in CUCM.

Software conference bridge

The CUCM software conference bridge is available out of the box and only supports G.711 codec (ALaw & ULaw). If there is a codec mismatch between the calling device and the software conference bridge, a transcoder is needed.

The software conference bridge can handle up to 128 audio streams (48 if the Cisco IP Voice Media Streaming Application service runs on the same server as the Cisco CallManager service) and supports max 100 conferences per CUCM server.

Hardware conference bridges

To obtain the transcoding feature and increase the capacity of conferencing resources you need to switch to hardware conference bridge.

For example, Cisco 1700, Cisco 2600, Cisco 2600XM, Cisco 2800, Cisco 3600, Cisco 3700, and Cisco 3800 series voice gateway routers (DSP modules are required) provide conferencing and transcoding capabilities for Cisco Unified Communications Manager.